Brakeman changelog history (page 1)

All versions: 135. Average release cycle: 47 days. Latest release: 410 days ago.
v5.3.1 Changes
August 09, 2022
- Fix version range for CVE-2022-32209
v5.3.0 Changes
August 09, 2022
- Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
- Load rexml as a Brakeman dependency
- Fix "full call" information propagating unnecessarily
- Add check for CVE-2022-32209
- Add CWE information to warnings (Stephen Aghaulor)
v5.2.3 Changes
May 01, 2022
- Fix error with hash shorthand syntax
- Match order of interactive options with help message (Rory O'Kane)
v5.2.2 Changes
April 06, 2022
- Update ruby_parser for Ruby 3.1 support (Merek Skubela)
- Handle nil when joining values (Dan Buettner)
- Update message for unsafe reflection (Pedro Baracho)
- Add additional String methods for SQL injection check
- Respect equality in if conditions
v5.2.1 Changes
January 30, 2022
- Add warning codes for EOL software warnings
v5.2.0 Changes
December 15, 2021
- Initial Rails 7 support
- Require Ruby 2.5.0+
- Fix issue with calls to foo.root in routes
- Ignore I18n.locale in SQL queries
- Do not treat sanitize_sql_like as safe
- Add new checks for unsupported Ruby and Rails versions
v5.1.2 Changes
October 28, 2021
- Handle cases where enums are not symbols
- Support newer Haml with ::Haml::AttributeBuilder.build
- Fix issue where the previous output is still visible (Jason Frey)
- Fix warning sorting with nil line numbers
- Update for latest RubyParser (Ryan Davis)
v5.1.1 Changes
July 19, 2021
- Unrefactor IgnoreConfig's use of Brakeman::FilePath
v5.1.0 Changes
July 19, 2021
- Initial support for ActiveRecord enums
- Support Hash#include?
- Interprocedural dataflow from very simple class methods
- Fix SARIF report when checks have no description (Eli Block)
- Add ignored warnings to SARIF report (Eli Block)
- Add --sql-safe-methods option (Esty Scheiner)
- Update SQL injection check for Rails 6.0/6.1
- Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
- Fix infinite loop on mixin self-includes (Andrew Szczepanski)
- Ignore dates in SQL
- Refactor cookie?/param? methods (Keenan Brock)
- Ignore renderables in dynamic render path check (Brad Parker)
- Support Array#push
- Better Array#join support
- Adjust copy of --interactive menu (Elia Schito)
- Support Array#*
- Better method definition tracking and lookup
- Support Hash#values and Hash#values_at
- Check for user-controlled evaluation even if it's a call target
- Support Array#fetch and Hash#fetch
- Ignore sanitize_sql_like in SQL
- Ignore method calls on numbers in SQL
- Add GitHub Actions format (Klaus Badelt)
- Read and parse files in parallel
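Two entries above pull in opposite directions: v5.1.0 ignores sanitize_sql_like in SQL, and v5.2.0 stops treating it as safe. The reason for the reversal, as an added example that is not Brakeman's or Rails' own code: sanitize_sql_like only escapes the LIKE wildcards (%, _ and the escape character) so that user input cannot widen a pattern; it does not quote the value for SQL, so interpolating its result into a query string is still SQL injection. The sanitize_sql_like below is a stand-in written here to reproduce ActiveRecord's escaping rules (an assumption about that behaviour, so the block runs without Rails); like_clause_unsafe, like_clause_safe and the attacker input are constructed for the illustration.

```ruby
# Stand-in for ActiveRecord's sanitize_sql_like (assumption: same rules as
# Rails, i.e. prefix the escape character, '%' and '_' with a backslash).
# It prepares a string for use INSIDE a LIKE pattern; it does not make the
# string safe to splice into SQL.
def sanitize_sql_like(string, escape_character = "\\")
  pattern = Regexp.union(escape_character, "%", "_")
  string.gsub(pattern) { |x| [escape_character, x].join }
end

# Vulnerable (constructed example): the "sanitized" value is interpolated
# straight into the query. A single quote in the input is left untouched and
# terminates the string literal, so the rest of the input becomes SQL.
def like_clause_unsafe(user_input)
  "SELECT * FROM users WHERE name LIKE '%#{sanitize_sql_like(user_input)}%'"
end

# Safe (constructed example): wildcards are escaped so the caller cannot widen
# the match, and the whole pattern travels as a bind value behind the '?'
# placeholder, which the database driver quotes. Returns [sql, binds], the
# shape you would hand to where("name LIKE ?", pattern) in ActiveRecord.
def like_clause_safe(user_input)
  pattern = "%#{sanitize_sql_like(user_input)}%"
  ["SELECT * FROM users WHERE name LIKE ?", [pattern]]
end

if __FILE__ == $PROGRAM_NAME
  attacker = "a' OR '1'='1"            # constructed attacker input
  puts sanitize_sql_like("100%_off")   # wildcards escaped: 100\%\_off
  puts like_clause_unsafe(attacker)    # quote survives: ... LIKE '%a' OR '1'='1%'
  sql, binds = like_clause_safe(attacker)
  puts sql                             # ... LIKE ?
  p binds                              # ["%a' OR '1'='1%"]  (sent as data)
end
```

This is exactly the false negative a "safe method" list creates: marking sanitize_sql_like as a sanitizer would silence the warning on like_clause_unsafe even though the injection is intact. The --sql-safe-methods option from v5.1.0 should therefore only name methods that produce a fully quoted literal or a bind, never wildcard escapers.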
v5.0.4 Changes
June 08, 2021 (brakeman gem release only)
- Update bundled ruby_parser to include argument forwarding support
- Update bundled